<?php
include_once "src/controller/dbmanagement/AuthentificationDBConn.php";
include_once "src/rrsexception/DBConnectionException.php";
include_once "src/rrsexception/DBException.php";


/**
 * Description of AuthorizeDBManagement
 *
 * @author Rory
 */
class AuthorizeDBManagement 
{

  public static function checkAuthorization($email,$pswd)
  {
    try
    {
        $conn= new AuthentificationDBConn();
        $email=$conn->escapeString($email);
        $pswd=$conn->escapeString($pswd);
        $pswd=md5($pswd);
        $querry = "SELECT * FROM rrsusers WHERE email='$email' and pswd='$pswd'";
        $result =$conn->execute($querry);
        $num = mysql_numrows($result);
        $conn->disconnect();
        if($num==1)
        {
          return TRUE;
        }
        else
        {
          return FALSE;
        }
    }
    catch (DBException $e)
    {
       throw $e;
    }
    catch (DBConnectionException $e)
    {
       throw $e;
    }
  }


  public static function addAuthorization($email,$pswd)
  {
        try
        {
            $conn = new AuthentificationDBConn();
            $email=$conn->escapeString($email);
            $pswd=$conn->escapeString($pswd);
            $pswd=md5($pswd);

            //$userId  = $user->getUserId();
            $conn->execute("START TRANSACTION");
            $query = "SELECT * FROM rrsusers WHERE email = '$email'";
            $result = $conn->execute($query);
            $num = mysql_numrows($result);
            if ($num!=0)
            {
               $conn->execute("ROLLBACK");
               $conn->disconnect();
               $userPassword = mysql_result($result,0,"pswd");
               if ($userPassword===$pswd)
                   return TRUE;
               else
                   return FALSE;
            }
            $query = "INSERT INTO rrsusers (email,pswd) VALUES ('$email','$pswd')";
            $result = $conn->execute($query);
            $conn->execute("COMMIT");
            $conn->disconnect();
            return TRUE;
        }
        catch (DBException $e) 
        {
            throw $e;
        }
        catch (DBConnectionException $e) 
        {
            throw $e;
        }   
    }
   
  
  

  public static function updateAuthorization($newPswd, $newEmail, $oldEmail)
  {
         try {
            $conn = new AuthentificationDBConn();
            $newEmail=$conn->escapeString($newEmail);
            $oldEmail=$conn->escapeString($oldEmail);
            $newPswd=$conn->escapeString($newPswd);
            $newPswd=md5($newPswd);
            
            $conn->execute("START TRANSACTION");
            if ($newEmail!==$oldEmail)
            {
                $query = "SELECT * FROM rrsusers WHERE email = '$newEmail'";
                //Verify user did not change email to one already in use
                $result = $conn->execute($query);
                $num = mysql_numrows($result);
                if ($num != 0)
                {
                  $conn->execute("ROLLBACK");
                  $conn->disconnect();
                  return FALSE;
                }
            }
            $query = "SELECT * FROM rrsusers WHERE email = '$oldEmail'";
            //Verify user exists
            $result = $conn->execute($query);
            $num = mysql_numrows($result);
            if ($num != 1)
            {
               $conn->execute("ROLLBACK");
               $conn->disconnect();
               return FALSE;
            }
            $query = "UPDATE rrsusers SET pswd = '$newPswd', email = '$newEmail' WHERE email = '$oldEmail'";
            $result = $conn->execute($query);
            $conn->execute("COMMIT");
            $conn->disconnect();
            return TRUE;
        }
        catch (DBException $e) 
        {
            $conn->execute("ROLLBACK");
            $conn->disconnect();
            throw $e;
        }
        catch (DBConnectionException $e) 
        {
            throw $e;
        }
  }
 
 
}

?>

